Comment 5 for bug 1867675

Florian Weimer (fw) wrote :

> - somehow make libseccomp handle "unknown" syscalls, and perhaps
> allow them (instead of blocking)? (not exactly sure how it's
> handling these, so I'd have to read up on that); probably that's the
> same (similar) as changing our "whitelist" to a "blacklist" (which
> could weaken security)

Blocking not otherwise specified system calls with ENOSYS instead of
EPERM generally has this effect. Some container runtimes incorrectly
use EPERM, though. I don't know if this is the issue with Docker here.